by Kelly Earley

4 hours ago60 Views

Email addresses and password hashes were accessed in a recent breach affecting some of the oldest users on Freepik’s image sharing platform.

Freepik, a popular website that provides access to free stock photos and design graphics, announced on Friday (21 August) that it had been subject to a major data breach.

In a statement, the company said that it immediately notified authorities of the breach, which is estimated to have affected 8.3m users of Freepik and its free graphic resource subsidiary Flaticon.

Freepik said that the security breach was due to a SQL injection in Flaticon that allowed an attacker to access user information from the company’s database.

The breach affected 8.3m of the company’s oldest users, whose email addresses and extracted password hashes were accessed. The hash of the password cannot be used to log into a user account, as it is not a password, but a scrambled representation of a password.

The company said: “Out of these 8.3m users, 4.5m had no hashed password because they used exclusively federated logins (with Google, Facebook and/or Twitter) and the only data the attacker obtained from these users was their email address.”

The remaining 3.77m users had their email addresses revealed and for 3.55m of these users, the method to hash the password used by Freepik was bcrypt, while, for the remaining 229,000 users, the method was salted MD5. The company said that it has now updated the hash of all users to bcrypt as a result of the breach.

“Those who had a password hashed with salted MD5 got their password cancelled and have received an email to urge them to choose a new password and to change their password if it was shared with any other site,” the company said.

The company added that users whose passwords were hashed with bcrypt received an email suggesting that they change their password, especially if it was an easy-to-guess password. “Users who only had their email leaked were notified, but no special action is required from them.”

The company advised users to verify if their email addresses or passwords have been compromised by checking out HaveIBeenPwned.com.

Freepik also said that it has “greatly extended” its engagement with external security consultants and has undertaken a full review of its external and internal security measures.

“While no system is 100pc secure, this should not have happened and we apologise for this leak,” the company said.

Earlier this year, Freepik announced that it had a community of 20m registered users who are supported by the firm’s 450 in-house freelance graphic designers and external contributors.

Kelly Earley is a journalist with Siliconrepublic.com

7 Aug 2020389 Views

3 days ago114 Views

3 days ago170 Views

7 Aug 20201.17k Views

5 Aug 2020245 Views

3 Aug 20201.21k Views

15 minutes ago

47 minutes ago

2 hours ago

3 hours ago

4 hours ago

5 hours ago

5 hours ago

5 hours ago

6 hours ago

7 hours ago

7 hours ago

7 hours ago

8 hours ago

8 hours ago

9 hours ago

2 days ago

3 days ago

3 days ago

3 days ago

3 days ago

3 days ago

3 days ago

3 days ago

3 days ago

All content copyright 2002-2020 Silicon Republic Knowledge & Events Management Ltd. Reproduction without explicit permission is prohibited. All rights reserved.
Designed by Zero-G and Square1.io

Our Website uses cookies to improve your experience. Please visit our Privacy Policy page for more information about cookies and how we use them.

Source: https://www.siliconrepublic.com/enterprise/freepik-stock-photo-data-breach

World news – GB – 8.3m Freepik users exposed in recent data breach

En s’appuyant sur ses expertises dans les domaines du digital, des technologies et des process , CSS Engineering vous accompagne dans vos chantiers de transformation les plus ambitieux et vous aide à faire émerger de nouvelles idées, de nouvelles offres, de nouveaux modes de collaboration, de nouvelles manières de produire et de vendre.

CSS Engineering s’implique dans les projets de chaque client comme si c’était les siens. Nous croyons qu’une société de conseil devrait être plus que d’un conseiller. Nous nous mettons à la place de nos clients, pour aligner nos incitations à leurs objectifs, et collaborer pour débloquer le plein potentiel de leur entreprise. Cela établit des relations profondes et agréables.

Nos services:

  1. Création des sites web professionnels
  2. Hébergement web haute performance et illimité
  3. Vente et installation des caméras de vidéo surveillance
  4. Vente et installation des système de sécurité et d’alarme
  5. E-Marketing

Toutes nos réalisations ici https://www.css-engineering.com/en/works/

LEAVE A REPLY

Please enter your comment!
Please enter your name here